Skip to content

Commit

Permalink
Browse files Browse the repository at this point in the history
Added libdomainkeys sources, fixed up the Makefile.
  • Loading branch information
icculus committed Mar 23, 2017
1 parent 70d42f9 commit 32e0c05
Show file tree
Hide file tree
Showing 60 changed files with 5,087 additions and 7 deletions.
15 changes: 8 additions & 7 deletions Makefile
Expand Up @@ -812,7 +812,8 @@ dnsptr dnsip dnsmxip dnsfq hostname ipmeprint qreceipt qsmhook qbiff \
forward preline condredirect bouncesaying except maildirmake \
maildir2mbox maildirwatch qail elq pinq idedit install-big install \
instcheck home home+df proc proc+df binm1 binm1+df binm2 binm2+df \
binm3 binm3+df update_tmprsadh surblqueue dknewkey
binm3 binm3+df update_tmprsadh surblqueue dknewkey surblfilter \
dk-filter spawn-filter dktest qmail-dk qmail-dkim dkim

load: \
make-load warn-auto.sh systype
Expand Down Expand Up @@ -1116,12 +1117,12 @@ qmail-dk: \
load qmail-dk.o triggerpull.o fmtqfn.o now.o date822fmt.o mess822_ok.o \
subgetopt.o MakeArgs.o datetime.a seek.a ndelay.a open.a sig.a alloc.a substdio.a error.a \
str.a case.a fs.a auto_qmail.o auto_split.o auto_uids.o fd.a wait.a \
../libdomainkeys.a env.a getln.a control.o stralloc.a dns.lib
libdomainkeys-0.69/libdomainkeys.a env.a getln.a control.o stralloc.a dns.lib
./load qmail-dk triggerpull.o fmtqfn.o now.o mess822_ok.o \
date822fmt.o datetime.a seek.a ndelay.a open.a sig.a \
subgetopt.o MakeArgs.o substdio.a error.a fs.a auto_qmail.o \
auto_split.o auto_uids.o \
fd.a wait.a ../libdomainkeys.a -lcrypto env.a control.o open.a getln.a \
fd.a wait.a libdomainkeys-0.69/libdomainkeys.a -lcrypto env.a control.o open.a getln.a \
stralloc.a alloc.a substdio.a str.a case.a `cat dns.lib`

qmail-dk.0: \
Expand All @@ -1143,12 +1144,12 @@ dktest: load dktest.o scan_ulong.o dktrace.o \
dns.o ip.o error.o ipalloc.o fmt_ulong.o \
scan_xlong.o socket_v4mappedprefix.o socket_v6any.o \
case_diffs.o case_diffb.o fmt_str.o stralloc.a alloc.a str.a \
../libdomainkeys.a dns.lib
libdomainkeys-0.69/libdomainkeys.a dns.lib
./load dktest scan_ulong.o dktrace.o \
dns.o ip.o error.o ipalloc.o fmt_ulong.o \
scan_xlong.o socket_v4mappedprefix.o socket_v6any.o \
case_diffs.o case_diffb.o fmt_str.o stralloc.a alloc.a str.a \
../libdomainkeys.a -lcrypto `cat dns.lib`
libdomainkeys-0.69/libdomainkeys.a -lcrypto `cat dns.lib`

dktest.o: compile dktest.c domainkeys.h conf-domainkeys
./compile `grep -h -v "^#" conf-domainkeys` dktest.c
Expand All @@ -1166,12 +1167,12 @@ load qmail-dkim.o triggerpull.o fmtqfn.o now.o date822fmt.o \
subgetopt.o MakeArgs.o dkimdns.o datetime.a seek.a ndelay.a \
open.a sig.a alloc.a substdio.a error.a \
str.a case.a fs.a auto_qmail.o auto_split.o auto_uids.o fd.a wait.a \
../libdomainkeys.a env.a getln.a control.o stralloc.a dns.lib libdkim.a
libdomainkeys-0.69/libdomainkeys.a env.a getln.a control.o stralloc.a dns.lib libdkim.a
g++ -o qmail-dkim qmail-dkim.o triggerpull.o dkimdns.o fmtqfn.o now.o \
subgetopt.o MakeArgs.o date822fmt.o datetime.a seek.a ndelay.a \
open.a sig.a substdio.a error.a fs.a auto_qmail.o \
auto_split.o auto_uids.o fd.a wait.a \
../libdomainkeys.a -lcrypto env.a control.o open.a getln.a \
libdomainkeys-0.69/libdomainkeys.a -lcrypto env.a control.o open.a getln.a \
stralloc.a alloc.a substdio.a str.a case.a libdkim.a `cat dns.lib`

qmail-dkim.o: \
Expand Down
173 changes: 173 additions & 0 deletions libdomainkeys-0.69/CHANGES
@@ -0,0 +1,173 @@
Changed from 0.68 to 0.69:
API:
o Added dk_granularity() to retrieve the value of (g=) tag in DNS lookup (called after dk_end)
o Added DK_STAT_GRANULARITY status enumeration
o Fixed dktest.c to check for DK_STAT_GRANULARITY

Internal:
o Fixed dk_headers() to always return the proper length of a null terminated header list, even with a NULL argument and
RDUPE on
o Added dk->granularity pointer to DK struct
o Python wrapper updates
o Updated Documentation and test script
o Fixed bug with policy:
Consider a message with both a Sender: and a From: header, but no DK signature.

Changed from 0.67 to 0.68:

API:
o Added dk_settxt() to bypass dns lookups and set query responses manually
o Added dk_domain() to return the domain name used (dk->domain)
o Added python wrapper (domainkeys_wrap.c) (use make python to make shared object to import)

Internal:

Changed from 0.66 to 0.67:

API:
o Incompatible changes made: dk_free requires an additional parameter, used to specify the OpenSSL Error State should be cleared
o Added dk_setopts() and dk_getopts()
o Deprecated dk_enable_trace() and dk_remdupe() in favor of using dk_setopts()
o Added dk_shutdown() to be used at application shutdown (frees dklib and openssl memory when done)

Internal:
o Clarified documented behavior for dk_end()/dk_policy() and flag retrieval
o Performance improvments (see source for DK_HASH_BUFF)
o Fixed dkt_generate to remove the last ':' char and report accurate length of string returned
o Fixed memory leak in dk_headers()
o Added dk_init() Documentation update (Safe Multi-Thread Usage)

Changed from 0.65 to 0.66:

API:
o No incompatible changes made.
o Added dk_compare_trace(), dk_enable_trace() and dk_get_trace()
o Added -T option to dktest to enable generation of trace headers

Internal:
o Added test to dk_message() to detect stray CRs
o Fixed parent domain handling

Changes from 0.64 to 0.65:
API:
o No incompatible changes made.
o Added dk_remdupe() to turn on/off ignoring hashing in duplicate headers when signing
o Added dk_selector() to return the selector name used or NULL if there isn't one
o Added -h option to dktest to add h= tag when signing
o Added -r option to dktest to enable ignoring duplicate headers when signing (implies -h)

Internal:
o Win32 and Unixware compatability
o dk_headers() now reports accurate length of h= list and preserves duplicate headers
o Fixed dkheaders_header() to properly handle h= tags when verifying, handles duplicate headers properly
o Fixed simple canon, no longer unfolds headers when in simple canon
o Fixed nofws canon when an embedded \r is in the body of a message
o Fixed dk_from() to properly report the senders domain when the message is not signed
o Fixed dk_from() to properly return NULL when the sender address is malformed (ie: @host, user@, @, <empty>)
o Added check in dkheaders() to check dk_from() after parsing headers to make sure there is a valid sender address
o Fixed dk_policy() to use dk_from(), not value in dk->from
o Fixed handling of messages when verifying and more than one DK-Sig header is found, now uses the first DK-Sig found properly
o Fixed handling of messages when signing and there is an existing DK-Sig (Sender: before DK-Sig), pre-existing DK-Sig is ignored

Changes from 0.63 to 0.64:

API:
o No incompatible changes made.
o Added dk_headers().
o Added DK_FLAG_G, which reports that g= was present.
o Added dk_address().
o Deprecated dk_from().
o Added dk_end() (like dk_eom only it doesn't call dk_policy()).
o Added dk_policy().
o Deprecated dk_eom() in favor of calling dk_end and dk_policy.

Internal:
o dns_txt replaced by dns_text (internal-only change).
o dns_text now always returns a malloc'ed string.
o Added copyright and license.
o Added DK_MALLOC(), DK_MFREE(), and dk_strdup. They use openssl's.
o Changed dkparse822() to make an address for dk_address(), which see.
o Fixed a bug in dknewkey where it inserted an extra quote char.
o Fixed a memory leak in dk_free(). Thanks Robert Powers.
o Fixed makeheader to exit with zero. Thanks Slava Filimonov
o Added clean to Makefile targets
o Made changes to dktest to support new api entry points.
o Adjust test cases.

Changes from 0.62 to 0.63:

o Change dktest's "-t 7" option so that it works even if not signing.
o When using the h= tag, sign ALL instances of a header.
o Only remember the Sender AFTER the DK-Sig when verifying.
o Explicitly return DK_STAT_NOSIG if no sig was found.
o Explicitly finish off the headers if there is no body.
o Adjust test cases.

Changes from 0.61 to 0.62:

o This release now supports the -01 spec.
o If the domain was missing from the DK-S: header, it segfaulted.
o The TC8 test needed to have real headers rather than /dev/null.
o The TC14 test returns different results in 0.61 and needed fixing.
o Fix the bug reported by Richard Lyons on the qmail mailing list in
message 120186:
2. If the program is given a message to sign that's
already signed, it will try to verify it.
o dktest wasn't carrying failure status around properly.
o Added support for multiple canonicalizations.
. Have to parse the DK-Sig line earlier to get c= value.
. Folded EVP_SignUpdate and EVP_VerifyUpdate into EVP_DigestUpdate.
. Folded header and body processing into one call.
o Fixed support for c=simple so it works with trailing blank lines.
o Added support for Sender: signing domains.
o Added a check for a=rsa-sha1
o Added a check for q=dns
o Fixed a memory leak (wouldn't free the From: address)
o Added support for signing domain being a subdomain of d=.
o Used to be checking policy from signing domain, but spec says to
use d=domain.
o Added comments to makeheader.c and blank lines to its output.
o dkparselist had a subtle bug wherein it skipped a character after
the ';'. Most often that was a space, so no matter until I started
deleting spaces for nofws testing.
o dkparselist now checks for a trailing key but no value.
o Found a memory leak. dk->sender wasn't being freed.
o Added nofws support.
o Broke dkpolicy() out into its own subroutine. It's now called in two
places: if the signature doesn't verify, and if there is no signature at
all.
o Added a copyright license.
o Completely changed the way headers were parsed, to handle h=.
o Added h= support.
o Added test cases.

Changes from 0.60 to 0.61:

o added -DBIND_8_COMPAT for BIND9's sake.
o added dk_siglen to get the signature length.
o moved privatekey parameter from dk_sign to dk_getsig.

Changes from 0.59 to 0.60:

o dns_txt.c should extract the TXT record into a PACKETSZ buffer,
not MAXDNAME.
o Fixed two error return values in dns_txt.c
o dknewkey should delete its temporary file.
o Implemented full-RFC2822 address parsing.
o Added test case for dk_from to dktest.c
o Wasn't returning flags correctly in dk_eom().
o Wasn't properly null-terminating the signature string.
o Removed error notes from 'test'.
o Added whole piles of RFC2822 address parsing to 'test'.

Changes from 0.58 to 0.59:

o dktest strips off the path from the key filename to get the selector.
o dktest's -a option is now -b.
o dktest now rewinds its stdin.
o Added support for SWIG.
o Added dknewkey, which generates a private/public key pair and formats
the public key for insertion into a zone file.
o Wrote man pages for dktest and dknewkey in HTML.
o Portability fixes to Makefile, test, and dns_txt.c
o Fixed a bug in multiple TXT character-string handling.
24 changes: 24 additions & 0 deletions libdomainkeys-0.69/FILES
@@ -0,0 +1,24 @@
CHANGES
dktest.c
dktest.html
dns_txt.c
dnstest.c
domainkeys.c
FILES
Makefile
makeheader.c
README
dktrace.c
dktrace.h
testtrace.c
testcases
test
expected
dog
dknewkey
dknewkey.html
softwarelicense1-1.html
libdomainkeys.sln
libdomainkeys.vcproj
makeheader.vcproj
socktest.c
64 changes: 64 additions & 0 deletions libdomainkeys-0.69/Makefile
@@ -0,0 +1,64 @@
CC=gcc
CFLAGS=-DBIND_8_COMPAT -O2
#CFLAGS += -DDK_DEBUG -DDK_HASH_BUFF -Wall
#CFLAGS += -DUNIXWARE
INCS=-I.
LIBS=-L. -ldomainkeys -lcrypto
MAKE=make

dktest: dktest.o libdomainkeys.a dns.lib socket.lib
$(CC) $(CFLAGS) -o dktest dktest.o $(LIBS) `cat dns.lib` `cat socket.lib`

dktest.o: dktest.c domainkeys.h
$(CC) $(CFLAGS) -c dktest.c $(INCS)

testtrace: testtrace.o dktrace.o dktrace.h
$(CC) $(CFLAGS) -o testtrace testtrace.o dktrace.o

dktrace.o: dktrace.c dktrace.h

makeheader: makeheader.c
$(CC) $(CFLAGS) -o makeheader makeheader.c
domainkeys.o: domainkeys.c
$(CC) $(CFLAGS) -c domainkeys.c $(INCS)
dns_txt.o: dns_txt.c
$(CC) $(CFLAGS) -c dns_txt.c
dnstest.o: dnstest.c
$(CC) $(CFLAGS) -c dnstest.c
dnstest: dnstest.o dns_txt.o
$(CC) $(CFLAGS) -o dnstest dnstest.o dns_txt.o
dns.lib: dnstest.c
(if $(MAKE) dnstest >/dev/null 2>&1; then echo -lresolv; else echo ""; fi) >dns.lib
rm -f dnstest

socktest.o: socktest.c
$(CC) $(CFLAGS) -c socktest.c
socktest: socktest.o
$(CC) $(CFLAGS) -o socktest socktest.o -lsocket
socket.lib: socktest.c
(if $(MAKE) socktest >/dev/null 2>&1; then echo -lsocket -lnsl; else echo ""; fi) >socket.lib
rm -f socktest

domainkeys.h: domainkeys.c makeheader
./makeheader <domainkeys.c >domainkeys.h

libdomainkeys.a: domainkeys.o dns_txt.o dktrace.o
rm -f libdomainkeys.a
ar cr libdomainkeys.a domainkeys.o dns_txt.o dktrace.o
ranlib libdomainkeys.a

python: domainkeys_wrap.o _domainkeys.so

domainkeys_wrap.o: domainkeys.h domainkeys.i domainkeys_wrap.c
#swig -python -module domainkeys domainkeys.i
$(CC) $(CFLAGS) -c domainkeys_wrap.c -I/usr/include/python2.4/

_domainkeys.so: domainkeys.o dns_txt.o dktrace.o domainkeys_wrap.o
ld -shared domainkeys.o dns_txt.o dktrace.o domainkeys_wrap.o -lcrypto `cat dns.lib` -o _domainkeys.so

clean:
rm -f *.o *.so libdomainkeys.a dns.lib dnstest socktest makeheader dktest testtrace domainkeys.h

#
distributionfile:
sh makedistribution.sh
66 changes: 66 additions & 0 deletions libdomainkeys-0.69/README
@@ -0,0 +1,66 @@
This is libdomainkeys. It's Copyright (c) 2004 Yahoo, Inc.
This code incorporates intellectual property owned by
Yahoo! and licensed pursuant to the Yahoo! DomainKeys Public License
Agreement: http://domainkeys.sourceforge.net/license/softwarelicense1-1.html

INSTALLATION

C lib build
'make' will create libdomainkeys.a and domainkeys.h.

Or else it won't.

Python module build
'make python' will build the python wrapper and shared object (_domainkeys.so)

Common problems with the build:

If it can't find the openssl include files, you
might need to add a -I pointing to them to INCS variable in the Makefile.
In addition, you may have to add an -L to the the LIBS variable to point to the
path for the crypto lib.

Problems in "dns_text" with undefined refrences. Odds are the makefile failed
to correctly setup the dns.lib file so the easy fix is to do this:
echo "-lresolv" > dns.lib; make
that should build the dktest binary.

Unixware users may need to add -DUNIXWARE to the CFLAGS variable in the make file to
make a compatable header file for cc (not gcc) on that platform.

WIN32

Visual Studio 2003 Project files are included and configured to create
lib or dll in debug or release mode. OpenSSL is required and your environment
must be configured to find the openssl include files and pre-compiled library
from where they are. In Visual Studio, see Tools/Options/Projects/VC++
Directories.

USAGE

See dktest.html and dknewkey.html.

TESTING

The program named 'test' will execute a number of test cases.

./test

It should only print the test case numbers. If it prints anything
else, then that test failed.

ERRATA

None known.

DOCUMENTATION

Read domainkeys.h. If you need more information than it has,
then I need to write more.


Russell Nelson
Crynwr Software
nelson@crynwr.com
315-323-1241
FWD# 404529
13 changes: 13 additions & 0 deletions libdomainkeys-0.69/dknewkey
@@ -0,0 +1,13 @@
#!/bin/sh

BITS=384
if test -n "$2"; then BITS=$2; fi

openssl genrsa -out $1 $BITS 2>/dev/null
openssl rsa -in $1 -out /tmp/dknewkey.$$ -pubout -outform PEM 2>/dev/null
if test -f /usr/local/bin/tinydns-data; then
printf "'%s._domainkey.example.com:k=rsa; p=%s\n" `basename $1` `grep -v ^-- /tmp/dknewkey.$$ | tr -d '\n'`
else
printf "%s._domainkey\tIN\tTXT\t\"k=rsa; p=%s\"\n" `basename $1` `grep -v ^-- /tmp/dknewkey.$$ | tr -d '\n'`
fi
rm -f /tmp/dknewkey.$$

0 comments on commit 32e0c05

Please sign in to comment.